WWDC02 • Session 815

Developing for the Managed Desktop

Networking and Server • 58:43

This session explains how to run and test your applications in a network-based environment. Learn about the mechanisms being employed in Mac OS X and the tools that are available to ensure your customers have the best possible experience with your software.

Speaker: Rob Neville

Unlisted on Apple Developer site

Transcript

This transcript was generated using Whisper, it has known transcription errors. We are working on an improved version.

Good morning. I'd like to welcome you to session 815, developing for the Managed Desktop. I also want to command -- or commend your stamina for being here at 9:00 in the morning. I think you'll find the contents worth arriving for. With that, I'd like to introduce Rob Neville.

Thanks. Again, good morning. My name's Rob Neville. Since those of you who are here, I think probably most of you, with the exception of a couple people that I actually know, wanted to be here. So, welcome. This morning we're going to talk about managing for developing and using a managed desktop. And I want to let you know that Mac OS X in the Jaguar timeframe is a managed desktop.

We're going to be talking about what Apple's doing and how that Managed Desktop works. We're going to tell you how your applications can play in the Mac OS X networked environment and how you can best fit in to this Managed Desktop. You're not going to get a choice, really. I mean, there will be and there will continue to be for Mac OS X individual desktops, people using computers at home that aren't networked, but more and more where your products are being utilized. And there are probably, as I look around this audience today, too, I see a lot of people who aren't developers, people who are actually users of this product.

And your customers are going to be in a networked environment. They're going to be using the management tools that we're going to be giving you and or they're going to be managed by them. And you all are going to have to deal with the consequences of that management, either through an administration level, through a support level, or through a feature level.

So what we'll learn today. Well, we're going to talk a little bit about how we got here. We're going to talk about the Managed Desktop in Jaguar and we're going to talk about how you can play in this environment. So how did we get here? Well, Mac OS X is inherently a multiple user system.

However, in Mac OS 8, 9, and before, the classical Macintosh operating system was not a managed and/or multiple user environment. We did provide, however, a suite of applications over time ending with the Macintosh Manager applications, which allowed you to manage work groups, individual users, groups of resources for the network, and allowed you to give a multiple user interface to the Macintosh OS.

Again, this comes built in to Jaguar. In Mac OS X today, it's a multiple user system. Individuals use it one at a time, even though some people can come in through Telnet or SSH or other mechanisms for accessing the data on the computer. Usually there's only one person at a keyboard with one monitor. But you can't guarantee in the long term that that's going to be the case.

Because that's the way it is now, it doesn't mean that that's the way it's going to be next year, the year after, the year after that. I'm not announcing any capabilities. I'm just saying that it's possible. So don't plan and don't program that you're only going to have one individual accessing the computer at a time.

Macintosh Manager 2.1 ships with the Mac OS X server today. It provides, as I was saying, the multiple user functionality to Mac OS 8 and 9. It also allows you to customize the desktop environment. It allows you to give access to users via work group or via individual user. It's largely used in our education market. It's used largely in our education market. Our education market is our primary customer.

So we're going to continue to support this product, this 8 and 9 product, going forward with Macintosh Manager as it exists today. And this product was a follow-on to and an evolution of Addy's Macintosh Manager 1. We took feedback from the customers out there, we incorporated that, and we got to where we are today with Macintosh Manager 2.1. That's going to stay as it is. We're going to continue to support it. We're going to continue to fix critical bugs in it. We're going to continue to ship a version of the server that allows you to support your 8 and 9 customers and clients out there.

But we're not going to be doing any new development on Macintosh Manager 2.1. And there is, in essence, no need for Macintosh Manager in Mac OS X. Mac OS X is a multiple user desktop managed environment. And at Jaguar, we're going to be giving the administrators of the systems more control over what they can manage.

In the process of shipping a multiple user system to network customers like we have in schools, we've learned a few things. And I want to talk about some of the things that we've learned. Network traffic is not good. In the past, our primary customers, in this case the education market, were on slow-speed networks.

Those of us who remember the old days of coax cable and LocalTalk know that those networks, which were utilized in schools to a great degree, were pretty slow. Those things have been upgraded. Now they're talking about 10 megabit. If they're not talking about 10 megabit, maybe they've got 100 megabit or even a gigabit backbone, but they may not have that wiring down to the switch to the classrooms. And that's traditionally, over the last 10 years, been the migration that they have moved through. However, we're actively marketing, and people are actively using wireless networks now. AirPort is very big, and we are also selling lots of AirPort-capable CPUs.

I'm looking around the audience today and I see a lot of people with a lot of PowerBooks. There are a lot of people with a lot of iBooks. Those iBooks are all AirPort-capable, and those of you who have AirPort cards are probably using them at this conference because we're providing you AirPort connectivity. The AirPort connectivity is not fast.

I mean, it's faster than LocalTalk, but it's not a huge pipe. And what you get here is this could be a sample classroom or three classrooms. And if you get everybody accessing data over the network simultaneously, if you all had PowerBooks, network I/O would cause a bottleneck.

So network I/O in essence is bad. And that's one of the things that we've learned is to try as much as possible to keep our network traffic to a minimum. Preference storage is another thing that we've gotten bitten by historically, one of the lessons we have learned. And to the point where with Macintosh Manager 2.1, we gave our users the capability of creating home directories for their users on the server. And they used that functionality. And what happened was we stored then in those home directories, we stored preference files. We stored cache files. We stored all the data that allowed a user to access a similar environment no matter where they went.

However, again, with multiple users, not per machine, but per server, those people accessing that data simultaneously over the network could bring that network to its knees very rapidly, especially if you're storing a lot of data there. If you are using the cache file or the preferences file as just this big scratch area, well that scratch area may be out on the network.

And it's on the network, and it's accessed by everybody in the room all at the same time; even on a fast network you're gonna bring that network to its knees. The other thing that we noticed is that with the notion of a home directory and with the notion of the files being stored on the server, the infrastructure and/or the connectivity to that server is not always guaranteed.

Especially when you're talking about an AirPort environment. In an AirPort environment that can go up and down, whether or not the teacher is warming up a cup of coffee in the room next door to the classroom, or some big person like me walks in front of the AirPort base station, you can get interruptions.

And if you are not storing your files, at least some portion of your scratch files locally, and the connectivity to the server goes away, and you try and then write that file out, but you no longer have a path to that file? Some cases, some of you in the audience have written software which will crash. But in essence, what you need to be able to do is give the users the capability to save the file locally, wherever possible. Be volume independent.

So, just to reiterate, the customers are moving towards wireless. This is 11 megabit, currently 11 megabit maximum, and that is a shared environment, so that goes down. A lot of our customers, a lot of your customers, don't have robust networks, switches, and servers, or bottlenecks. Again, to reference the preferences and the caches again, let's say you have similar cache data for each of your users, and I now have 10,000 users on a server. Well, I've just replicated 10 megabyte files that contain the same amount of data, all existing on the same hard drive somewhere.

Well, that's no sweat off of your nose as a developer. I mean, you want to have that data accessible to your users, but the end user, the person who is maintaining that server, might not like that very much because suddenly their resource, the hard drive on that server, even though hard disk space is cheaper now than it has been ever before, still is a resource that they covet and they want to keep as clean as possible.

So the next thing we're going to do, and we're going to talk about this, is from a development standpoint, what I want to make clear to you, and we'll show this to you here in a second, is that polling is bad. File I/O takes time. It takes very little time locally, but it can take a lot of time to a network, especially if it's happening all at the same time. So I'd like to come over here and show you a sample. This is on demo two. Thanks. I might be showing software that some of you in this room have written. I don't know everybody here, and I'm not doing any of this to embarrass anybody.

But I do want you to know that... we're just as guilty of this, of some of the stuff I'm going to be showing you. And what I've got, and what I'd like to recommend that you do as developers, and we're going to be providing you hopefully with a suite of tools that you can run as part of the development environment that will allow you to facilitate this, but this is something you can do today. What I have here in this particular window is I'm running top, and I've got three applications running, Address Book, AppleWorks, and Internet Explorer.

And the only one that you can see, the other two I have hidden currently, is Address Book. So if I come over here to this other window, and I'm going to... The process ID of the Address Book is 513, and I'm going to watch the file system usage for the Address Book.

[Transcript missing]

Let's try AppleWorks. Now, AppleWorks is running in the background. And what it's running in, and I'll show you in a minute, is just running a blank word processor. Imagine 30 of those all going through a 10 megabit switch all at the same time. Going to a local hard drive is not any big deal. But going across the network it is.

And just so that I don't pick on AppleWorks, here's Internet Explorer. I'm going to go... The reason I'm pointing this out to you is Internet Explorer is sitting hidden in the background and it's hitting its cache file once a second. You don't need to do that. Please stop.

Those are some of the things that you don't have to set up a complicated server to check this kind of stuff out. These are some simple tests that you can run locally. The fact that we were accessing a cache on a regular basis and that cache happened to be associated with my logged-in user ID. Well, that cache could be on the internet someplace. The home directory for that particular file could be you don't know where. We have a little utility, which one of our engineers wrote, that puts your home directory on an iDisk. In Atlanta.

We don't know who's going to be serving up the home directory. And we're going to be trying to make available to you, as much as possible, mechanisms by which you can... which the user can mitigate and move the storage to a local device. However, to do that, and if we provide that kind of functionality, you need to take advantage of system-level calls. So that's when we get into preference storage, which is the next point. Cache the user's preference locally, if possible. And if not possible, use the system-level resources. Store them in a system cache.

[Transcript missing]

Don't store it in your folder in the user's home directory.

Use system resources. If we get continual feedback from customers about the amount of network traffic being generated, there may be some facility that we can do to take advantage of that. And if you don't take advantage of the system-level calls, you're going to be left in the dust and your application isn't going to work well. Don't use preferences as cache files. Use preferences for those things which you want to have be static or across sessions. Cache files should be just that cache, temporary, store the data on the local disk, use slash temp wherever possible.

Document access. Try and keep your document access to a minimum. Always assume that the reading and writing is going to take place over a network, and that extra network I/O is going to give your users a bad experience. Understand also that the network connection may not be persistent. I went out to a customer site about three or four months ago, and they had a router between buildings on a campus that went down at one o'clock every day.

And they just lived with it. They didn't fix it. They just lived with it. They walked over at one o'clock every day and rebooted the router. Well, that meant that the servers on the other side of that router went away every day at 1 o'clock. So always allow saving locally wherever possible and try and be volume fault tolerant.

Okay, so that's enough beating you up. Let me tell you about what we're giving you in Mac OS X Jaguar. The administration for the server, the administration for the users takes place on the Mac OS X server. And it takes place through the Server Manager application. Basically, what we're doing is we're managing resources in three different areas. The first area is users. I think we all understand what the notion of users are. They're individual, identifiable units, people who actually utilize your software, utilize our software. Then there are groups.

And the notion of groups is dependent in some cases on the operating system itself. However, there's also a notion of groups that is logical to how people utilize the software, how people group together. We have engineers. We have students. We have faculty. Those are logical groups. And those logical groups use resources in similar ways.

Then we have physical devices, computer lists, groups of hardware resources by which the users and groups of users access the facilities that you give them. Access to the applications, the printers, the hard drives, the FireWire devices, the CD-ROM drives, those all get access through a computer. And that's where the crux of where we start managing begins, is in the computer list.

We're also giving you the capability of setting, when you set up share points on your file server, of setting up group volumes. Things that will automatically, when a user connects to a group, you will log in and those particular group volumes will either be auto-mounted, they may be put in on the user's desktop, they may be put in a dock.

So that the facility in the same way in Mac OS X where you have a home now, we're not providing you a group now, a little group icon. But we're going to provide you all as administrators the capability of pre-configuring an environment for your groups of users. And SharePoints is one of the ways that we're going to be able to do that.

We're also going to let you set up preferences, Mac OS X preferences, per account type. That means you can set up preferences per user. If you have 10,000 or 100,000 or 700,000 users, that might get a little ponderous. But we're going to give you the capability of doing that. We're going to give you the ability to set up preferences per group. Freshman class, sophomore class, class of 92, class of 07.

[Transcript missing]

And you can set up these preferences in three ways. The first way is initial. What do I mean by initial? That means when the user starts up, you can put some item or set some initial preference for them. The user can then change those, change that preference. And I'll use, for example, I'll use the dock. When you start up Mac OS X, you first boot it up, you'll have a readme item in the dock that you can delete. You'll have a set of default applications that get put in the dock, which you can remove.

And initial preferences are exactly that. They're things that you set up for your particular set of users. Let's say you've got a new employee comes into your company and you want to have a pointer to your website. So you might want to put an HTML pointer or a web page or home page in the user's dock.

And the user may leave that in their dock for as long as they wish and you don't care. You just want to make sure that it's available to them the first time they log in. So those are things that are initial preferences. Then we have forced preferences. Forced preferences are things which are written out every time the user logs in. Or the user connects to a group. Or the user uses a specific computer.

So a user walks up to a particular computer that every time it gets booted, sets up the default printer to be the one that's directly connected to it. Now, if the user has permission to add more printers to that printer-- to the printer list available to him or her, fine, they can do that.

They may even be part of a group which allows them to print to any computer on the network. But when they log in at that particular computer, that computer creates a preference that says, you can print to this locally connected printer. And no other computer on the network may have that capability.

They may not have that preference set. And every time the user logs in, we rewrite out those preferences. So those are forced preferences. Then we have none. And that's a managed state in and of itself. By default, we don't manage any particular set of preferences. So by default, we have no management for the options. We let the users do whatever they want. But that's a conscious decision that you should probably make if you're administrating these facilities.

So the other thing that we do, and this is where it gets really interesting, is... we cache these preferences for access when the computer or the computer's offline from the network. So what's that mean? So I've got a PowerBook. I log into my network. I log in as me.

I connect it up to the server and it downloads a bunch of forced preferences. Those forced preferences are a variety of different things and we'll get into some of them. But some of them are which applications I can access, where my dock settings are, what things show up in my dock, whether or not I can read and write to the CD-ROM drive or burn CDs. And all those preferences get forced and cached locally. Then I close my PowerBook up, I unplug it from the network, and I walk away.

Next time I open up that computer and log in again, those preferences are going to stay the same because I can't access, I'm not accessing the server to be able to update or change those. If I'm the administrator of the machine, I'm given the option to clear that cache whenever I want, but if I'm not, I don't have that option.

So I don't have to give you control of the computer I just handed you. I can set up the permissions and the privileges so that you can only use the applications that I want. You can only use the devices that I want. You may be able to change which groups you're accessing, so you might get different sets of applications for different groups as you access them, different capabilities, different printer devices, those kinds of things. But you can't ever clear those preferences. So I also may not give you the ability to access, and we'll be going over these in a second, to access the system preferences themselves.

So if I set your dock to be to the right and don't give you any access to either the dock menu items or the dock system preference, you can't change it. So we can give you, and we are giving you, the capability of managing down to the minutia level of how your users are going to access the computers. Or you can choose not to manage certain sections at all. It's your choice.

All of this, as I said before, is set up using the Server Manager application. You set basic configurations here. You can create a user, give them a home directory. You've got a managed environment. A user logs in. Every time they log in, they click on the home. They're going to go to a place on a file server. Well, you're going to go to their home directory. It's managed. You allow them to pick a group. You may give them file system quotas on that server. You may give them print quotas on that server, and they're fully managed.

This data is stored in the directory service node associated with the server. If the server, if the individual computer or the individual user does not wish to bind it to your network, does not wish to point to a directory service someplace out in your network, they won't be managed.

They'll be able to take advantage of your network in the same way that they could with a classic Macintosh OS. If they know a username and password to a server, they'll be able to go out and browse for it, they'll find it, they can log in with their username and password. They get basically the same functionality they get today with Mac OS 8 and 9 in a non-managed environment.

If, however, they wish to take advantage of the power and the access of your system and automatically log in to certain facilities or print to certain printers or see certain items, then they're going to need to bind to a directory service node. And that can be currently either an LDAPv3 or NetInfo. And there have been several sessions here at the conference on directory services.

If you wish to continue to support 8 and 9 users, you will have to import those users into the Macintosh Manager application. This is only for the 8 and 9 users. The 8 and 9 model and what's available to the 8 and 9 users is different than 10.

Server Manager is for creating your lists of users, giving them passwords, assigning them home directories, setting print quotas for them, setting file system quotas for them on the server, doing a wide variety of things. If you want to manage whether or not they see the simple finder in Mac OS 9 or the panels environment in Mac OS 8, you need to use the Macintosh Manager application. And to do that, you have to import those users the same way you do today.

I mentioned a little bit earlier, I mentioned about group volumes. Creating group volumes, creating groups, managing users by group is what we're going to be recommending to our user community. For those of you who are going to be administrating and utilizing this product, that's the way we recommend that you do it, as opposed to on an individual user-by-user basis. You may have in a large installation some big number of users, let's say 50,000 users.

You probably aren't going to have 50,000 groups. So to be able to define and update data against 50,000 records as opposed to 100 or even 1,000, more likely somewhere in between groups, it's going to take you less time. And logically there is some way to group bodies of units, user units together. And if you think about it, you can come up with creative solutions for what you give individuals in particular groups access to. So, and you can set up these groups also get set up in the directory services node, as do the computer records, the computer lists.

So what do we give you management right out of the box? We don't allow you to manage everything explicitly. We do, however, allow you to manage everything by not allowing access to some things after you set them up. So basically what we give you and what we'll show you is we give you the ability to manage the login window.

What's in the login window? Well, it's how the users view their list of individuals. If I have a user list that's, again, I'll use the example of 50,000. Well, I may not want or choose to show a list of users, all 50,000 of them, every time a user logs in to allow them to pick it. Even with type ahead, that may take a bit of time.

So I might want in that particular environment to choose just to have a type in field. I may choose to put icons next to everybody's name, because that's cool. Again, five thousand pictures, icon pictures, maybe a lot of network traffic. You may choose not to do that. That's handled, and that's an example of something that's handled on a computer by computer basis.

So that, if I've got thirty computers in a lab, All of those computers are going to give a list view, or most of them are going to give a list view, or all of them are going to just give a type-in view. You can also launch particular items through the login window. You can say, automatically launch Classic.

Login window. Finder. The things in the Finder. Basically what we give you access to. How the Finder looks. Small icons, large icons. In some sense you may be thinking, well, why would I care about what size the icons are? Well, in most cases you probably wouldn't. But on any particular computer, or for a particular group of users who may be visually impaired, or old like me, may need to have their icons bigger. So you may wish to change some of those options. Dock.

The dock, where it is, how it operates, what's in it, what the user can do to it, all of that is manageable. Media access. Media access is, can the user access a CD? I'll go over the specifics of it. What sort of physical media can they connect to the device, to the computer? Internet, the internet preferences, system preference. Application access, this is where we get a considerable piece of our power.

And this is where it may affect you if you're a developer. And that is, if you are controlling application access, it's an additive list. It's not a deny list. It's an additive list. So if I put on, for example, mail, and mail uses a spell checking application to real-time check the spelling when I'm typing into mail. And I don't include the spell checking application.

Guess what won't work? Because it's an additive list and once you say control what these groups or these specific users, people accessing from this particular computer, can do. You might have a mail workstation there, and that may be the only application at that particular workstation. It's just for email. And that's the only application anybody can use at that particular computer.

So it's additive. So if you have suites, Internet Explorer is a good example. If you have, launch this stuff it when you download an application or download something over the net that's stuffed. If you don't give the user the access, the file system will go, nope, you don't have power to do that.

So, be aware in your documentation that if you have inter-operating applications that you make note of those. So that some poor schmo who doesn't use your application and is setting it up for, you know, a school full of students, doesn't then end up getting a call on Saturday saying, none of these students can access their blah-da-da-da-da, because he forgot to add some helper app.

The preferences are invoked at login, and we'll go over how they're invoked here in a second. And we cache these preferences for offline access. There's an order to the preference priority. And the order is that the first thing that gets loaded is the computer record, what's the preferences that are stored by computer lists.

Then we find out who the user is. We get the user, the user, is the user a member of some groups, we allow them to pick a group. However, the preferences that are set for the user take priority over the preferences that are set for a group and preferences that are set for a computer.

So that if I wish to have a computer preference take priority, I probably don't want to set that for a user because anything I set for the user is going to override whatever preferences I set for either the group or the computer. So we recommend that you manage most of your settings per group, and that you create, where possible, local accounts for your users. Since we'll be caching these preferences for offline access, having the users be managed on local machines is very useful.

What happens? User starts the machine up and the computer is bound to a directory node out there in the network. We go out to that directory node and we look to see whether the computer that is connecting to this node is in a list. If it is, we're going to have... we ask for its preferences.

If it's not, we find out whether or not you're controlling any computer that's connected to this directory node. And we'll be showing you that in a minute. We get the preferences for that particular computer. Those things might affect things like the login window, which is why we go do that. It also means that now we're managed, and everything else is going to take place in a managed environment.

So these login prefs go into the login window and they're going to change the way the login window is displayed. Then we're going to get a list of users or just to type in the user name and password fields depending upon how you configured it. If that user is a member of a group, we will display then a list of groups that the user can choose from.

Now we know who the user is and what members of the group they're part of. We go back to the login window and then we invoke the full suite of preferences for the computer, the group, and the user, and they're an aggregate. Some preferences are unionized. Printing is a good example of this.

You may have a printing for a particular computer. You may have a list of printers that's available to a particular group and a list of printers that's only available to an individual user. Those are unionized so that when the printer goes to print, they'll see a union of all the possible printers available to them.

That doesn't make sense in every particular case, but that's the way it works. So I'd like to show you, here on Demo Machine 3, and go through some of the... preferences. I'll show you what we're going to be able to manage. What I'm doing here is I'm launching the Server Manager application. Enter in my username and password.

And then what I do is I switch to the network visible node that the other computers on the network are going to be able to bind to. Now, I want to be able to make changes to that particular node, so I'm going to authenticate. And you're noticing that my authentication to log into the network node is different than the admin that I use to log in to the application. I could have the server application be sitting here and the directory node be sitting someplace else. It could be an LDAP directory, it could be anything. It could be anywhere, as long as it's accessible from here. That may be where I'm editing my records.

Here we have three different types of accounts that we can manage. We have users. We have groups. We have lists of computers. And what I've got set here is two examples. One is I've got set up as a notion called Lab 1. And I could go through and set up the individual-- this user interface is not final.

We may be getting questions. One question that we got was, can I set this up by IP address? There will be an area for you to enter in your IP address here. And that will be displayed.

[Transcript missing]

and you can restrict to which groups can use, can access the preferences that are set by all other computers and whether or not this is managed, how often the cache gets changed. You can refresh the cache if you wish.

So in essence what we've got is you can also determine, we come into here, I can say that the computers in the Lab 1 list aren't managed. Or the faculty computers aren't managed. Or my boss's computer isn't managed.

But all other computers are. All student computers are, for example. So this is where you enter in the computer list. And if we come here, then I can go and as we'll walk through these, I can set any of the preferences I can set for anybody or any group. I can set for any grouping of computers. We have groups.

The groups are pretty much standard groups. One of the things that you'll notice is accessing these groups and controlling these groups are much easier and faster than the Mac OS X Server product currently shipping. We've heard you, we've listened, we've made it easier, we've made multiple selections work, dragging work.

And individual computers and individual users. So in each of those, I can click on the preferences and, for example, I can... Now what I'm showing you here, if we go back to preferences, is I'm showing you here the applications. And I want to set up the applications that are used by... by this group of computers.

So I'm going to say always right now, and I'm going to add a group of applications that this particular group, and this is Desktop Management Services Engineering Group. So what do I want them to have access to? Well, let's see. TextEdit because they're going to need to write source code.

Well, I probably want them to set up a console because there may or may not be some bugs or some error messages. And... where is that terminal? Oh yeah, and then terminal. Terminal is a good one. Because, what do we want? We wanted a console. So they're going to get access to these three applications. And that's all. They're not going to be able to play their iTunes. I don't want them listening to music. They need to be typing in TextEdit.

and checking for error messages on the console and moving files around in the terminal. Then the system preferences. I can go on and I can, again, manage the preferences. I can say, "Well, I want them to be able to launch Classic and I want them to be able to access their desktop control and... change your network settings."

So that's going to be all the system preferences they're going to be able to access. All the other system preferences are going to be grayed out. I could show all of them, give them full access to all the system preferences. I can show none of them, in which case if they open up their system preferences, what they will see is all of the items grayed out. They won't be able to change anything in their system preferences. And they're only going to be able to use these three applications.

Apply Now. We're done with that. Finder. I can show them in the Finder. I can show them whether or not they want to use a simplified Finder or whether or not they want to use a regular Finder. Where they can show their hard disks, get showed. These are basically standard Finder options. I can set them for them.

I can set up a use of the commands that the Finders access. Do I want them to be able to connect to any server? Do I want them to be able to go to any folder? Do I want them to be able to restart or shut down? Or maybe all I want them to be able to do is log out.

All of these things are controllable. And then if I don't give them access to change these particular settings, that's what they're going to get. What views do I want them to have? Do I want them to have large view or small view? We can get into minutiae here, and the level of control we're being able to give you is exactly the level of control that you want to exercise, from nothing to where the dock sits and how big the icons are. Classic. I can start Classic up when you log in. I can hide Classic if it started up. I can choose which classic volume I wish them to be running off of.

I can allow them or not allow them to turn off extensions or to rebuild the desktop. I can hide the chooser. These are features that are currently in the Macintosh Manager 2.1 product. I can hide control panels. I can show other Apple menu items or not. I can put Classic to sleep.

Two things you can do with the dock. You can set all the preferences that you normally can from the dock settings. The other thing that you can do with the dock items is... you can add things. As you can see here, I've added the admin PDF guide to the dock for this particular group. That means, and it's forced, that means every time the user... logs in, they're going to get an admin guide stuck in their dock. They can throw it away if I give them the ability to change the dock or not.

User may add items to the dock if they wish or not. I can control that. But if they throw it away, if I give them access to throw it away, next time they log in it's going to be there again. And the same thing I can do with applications.

So let's say I want to have put iChat in the dock because I want to be able to talk to my engineers, so I want to be able to chat with them. So, iChat's going to show up in the dock as well as the admin guide every time.

And we're going to go down here and we have Finder we talked about, Internet, Internet preferences, what their default reader is, what their email address is. Now these things don't make sense. The email address doesn't make sense for a group. So you probably wouldn't want to be setting these on a group basis.

And we probably will prevent you from setting them on a group basis, though I believe that the interface allows you to do it now. What the web settings are. You can set what your default websites and home pages are. For a particular group of users, it might be different. You might want to have your HR department always come up with the HR website whenever they start their home page.

Login window, we talked a little bit about. Login window doesn't make any sense. This is one of the areas we don't have a bug for. It doesn't make any sense at a group level because it happens. You don't know who the group is when you log in because you haven't logged in yet. What items get automatically launched, though, however, could be per group.

So the login window only makes sense in a computer list environment. So if we switch over to computer lists and come in here to login, we show you what you can do with a login window. Name and password entry field, a list of users, show other user, disable restart and shutdown, give hints.

All of those things. And those things are per computer because it's the only place it makes sense. Media Access. The things that we can do with Media Access, we can allow or require authentication to use a CD-ROM, DVD, or recordable disc. We can allow or require authorization or have read-only for internal disks or external disks, and those include Zip drives, FireWire, USB drives, and then we also give you the ability to prevent them from removing any media if you wish.

And lastly, we have printing. We can add printers to the list. We can create a list of printers. I have no printers configured to this machine since it's local. Then there are no printers up here. I can create a list of printers. I can open up the print center.

I can open up the print center, create, using print center, create some computer lists, and then add the ones that I want to this particular list for that particular group. And then that group's going to have access, or that user's going to have access. Or in this particular case, that computer's going to have access.

So that's what we're giving you out of the box. Now one of the things that I mentioned a little bit earlier is that these are all preferences and they're all stored and defined in the CF preference model. And while we don't have it in today's release, if you all as developers read and write your preferences using CFPreferences, hopefully... in the near future we'll be able to give you an API that will hook into this interface and your application can be here.

That means that an administrator can access the preferences that your applications use. And they can do it as initial, they can do it as forced, they can do it as none. So the capability for your service or your application or your suite of applications, if you use the common system preferences, we will read them and write them for you.

In the same way we do for these preferences, and we're going to be adding more system preferences as time allows as well. So it's a really powerful tool to be able to give our users and the administrators of our users the capabilities of setting up an environment, including setting up preferences for your individual applications. So development going forward.

So as I mentioned before, what I want you to do is I want you to assume that your applications will be running in a network environment. If you're here and you're basically your users of the current product, and you're trying to find out how we're going to manage Mac OS X, hear me now.

We're trying to tell the developers who are sitting around you that they're going to be working on a network and that they want to make those kinds of assumptions. Assume that the application access will be controlled by administrators. Developers, assume that the person sitting next to you is actually an administrator, is going to want to actually control how their users use the equipment that they own. So identify any helper apps, clearly. An example of this is IE and StuffIt. And those things are from two different companies. But you know and can know which applications get utilized in the interplay with your applications as well. So mention those kinds of things in the documentation.

Use the CFPreferences Model. I just made an allusion to that before. This allows, in the future, for us to do managed applications. In essence, we're giving managed applications today. We're just managing the system applications, like the Finder or the Dock. If you use CFPreferences, in the future, we may be giving you APIs that will allow you to stick a preference model for your particular application in the same server manager app. And always take advantage of system level compatibility. Always write out to standard system locations. Use /tmp wherever possible.

So in summary, I'd just like to say that the Mac OS X is a managed client, out of the box, it's managed. The management may be none, but it's managed. Assume your applications are running on a network, try and limit the I/O as much as possible, don't poll. You saw a couple examples of polling. You saw an example of one application that didn't appear to be polling. So you cannot poll. It is possible. And use the CF preference model.

[Transcript missing]

So this is the last day of the conference, and most of these sessions have already been, most of them, two-thirds of the three, have already run. But if you're going to be reviewing these, you didn't get a chance to go to these particular conferences or these particular sessions. These are the sessions which also refer to the data that was presented here, Mac OS X Server in-depth, Mac OS X Server overview, both of which happened on Monday.

And this afternoon at 5 o'clock, the Server Services Feedback Forum will be here, and we'll be able to talk even more of your questions. So with that, I'd like to bring up Tom Weir and Eric. Did I see you here? Eric is our Marketing Manager. I'd like to bring him up if I could, too. If you have any questions or concerns or comments, the questions, you can go to the mics. And mic is right there. You can contact either me or Tom Weir, and our addresses are there.